From 0406d0cd93b3da151d77d4f6e5d41623b65b517b Mon Sep 17 00:00:00 2001
From: tigerbot
Date: Thu, 12 Oct 2017 11:57:43 -0600
Subject: [PATCH] removed the `acme` property from the `tls` config

---
 bin/goldilocks.js | 43 ++++++++++++++++++++++++++++++++++++++++---
 lib/admin/config.js | 33 +++++++++++----------------------
 lib/modules/tls.js | 20 --------------------
 3 files changed, 51 insertions(+), 45 deletions(-)

diff --git a/bin/goldilocks.js b/bin/goldilocks.js
index c03e12b..21717de 100755
--- a/bin/goldilocks.js
+++ b/bin/goldilocks.js
@@ -30,6 +30,8 @@ function mergeSettings(orig, changes) {
 function fixRawConfig(config) {
 var updated = false;

+ // First converge all of the `bind` properties for protocols that are on top
+ // of TCP to `tcp.bind`.
 if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
 config.tcp.bind = [ config.tcp.bind ];
 updated = true;
@@ -47,12 +49,47 @@ function fixRawConfig(config) {
 updated = true;
 }

+ // Then we rename dns to udp since the only thing we currently do with those
+ // modules is proxy the packets without inspecting them at all.
 if (config.dns) {
 config.udp = config.dns;
 delete config.dns;
 updated = true;
 }

+ // This we take the old way of defining ACME options and put them into a tls module.
+ if (config.tls) {
+ var oldPropMap = {
+ email: 'email'
+ , acme_directory_url: 'server'
+ , challenge_type: 'challenge_type'
+ , servernames: 'approved_domains'
+ };
+ if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
+ updated = true;
+ if (config.tls.acme) {
+ console.warn('TLS config has `acme` field and old style definitions');
+ } else {
+ config.tls.acme = {};
+ Object.keys(oldPropMap).forEach(function (oldKey) {
+ if (config.tls[oldKey]) {
+ config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
+ }
+ });
+ }
+ }
+ if (config.tls.acme) {
+ updated = true;
+ config.tls.acme.domains = config.tls.acme.approved_domains;
+ delete config.tls.acme.approved_domains;
+ config.tls.modules = config.tls.modules || [];
+ config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
+ delete config.tls.acme;
+ }
+ }
+
+ // Then we make sure all modules have an ID and type, and makes sure all domains
+ // are in the right spot and also have an ID.
 function updateModules(list) {
 if (!Array.isArray(list)) {
 return;
@@ -100,9 +137,9 @@ function fixRawConfig(config) {
 }

 var newDom = {
- id: crypto.randomBytes(4).toString('hex'),
- names: dom.names,
- modules: {}
+ id: crypto.randomBytes(4).toString('hex')
+ , names: dom.names
+ , modules: {}
 };
 newDom.modules[name] = dom.modules;
 config.domains.push(newDom);
diff --git a/lib/admin/config.js b/lib/admin/config.js
index 26dcbb7..9cdb3a9 100644
--- a/lib/admin/config.js
+++ b/lib/admin/config.js
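Review bot: The legacy keys are copied into `config.tls.acme` but never removed from `config.tls`, so once the migrated config is written back (which `updated = true` presumably triggers) the next start finds `email`/`servernames` again with no `acme` property, rebuilds `acme` from them and pushes a second `{type: 'acme'}` entry into `config.tls.modules`; every restart adds one more, which likely means duplicate ACME registrations and orders for the same names. Remove the old keys in both branches once they have been read, e.g. directly after the `if (config.tls.acme) { … } else { … }` add `Object.keys(oldPropMap).forEach(function (oldKey) { delete config.tls[oldKey]; });`. Separately, the code removed from lib/modules/tls.js in this patch read `config.tls.acmeDirectoryUrl` and `config.tls.challengeType` (camelCase), while `oldPropMap` only knows `acme_directory_url` and `challenge_type`; if any deployed config used the camelCase spellings, the directory URL is silently dropped and the new module falls back to its default server, which could move a staging account onto production without any notice, so either map both spellings or warn about unrecognised leftovers. fixRawConfig continues outside the hunk.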
@@ -43,9 +43,9 @@ var moduleSchemas = {
 type: 'object'
 , required: [ 'email' ]
 , properties: {
- email: { type: 'string' }
- , server: { type: 'string' }
- , challengeType: { type: 'string' }
+ email: { type: 'string' }
+ , server: { type: 'string' }
+ , challenge_type: { type: 'string' }
 }
 }
 };
@@ -120,21 +120,10 @@ var tlsSchema = {
 , properties: {
 modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }

- , acme: {
- type: 'object'
- // These properties should be snake_case to match the API and config format
- , required: [ 'email', 'approved_domains' ]
- , properties: {
- email: { type: 'string' }
- , server: { type: 'string' }
- , challenge_type: { type: 'string' }
- , approved_domains: { type: 'array', items: { type: 'string' }, minLength: 1}
-
- // these are forbidden deprecated settings.
- , bind: { not: {} }
- , domains: { not: {} }
- }
- }
+ // these are forbidden deprecated settings.
+ , acme: { not: {} }
+ , bind: { not: {} }
+ , domains: { not: {} }
 }
 };

@@ -273,8 +262,8 @@ class DomainList extends IdList {
 this._itemName = 'domain';
 this.forEach(function (dom) {
 dom.modules = {
- http: new ModuleList((dom.modules || {}).http),
- tls: new ModuleList((dom.modules || {}).tls),
+ http: new ModuleList((dom.modules || {}).http)
+ , tls: new ModuleList((dom.modules || {}).tls)
 };
 });
 }
@@ -288,8 +277,8 @@ class DomainList extends IdList {
 }

 var modLists = {
- http: new ModuleList(),
- tls: new ModuleList()
+ http: new ModuleList()
+ , tls: new ModuleList()
 };
 if (dom.modules && Array.isArray(dom.modules.http)) {
 dom.modules.http.forEach(modLists.http.add, modLists.http);
diff --git a/lib/modules/tls.js b/lib/modules/tls.js
index 0c30936..2b9a614 100644
--- a/lib/modules/tls.js
+++ b/lib/modules/tls.js
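Review bot: In the tlsSchema hunk the deprecated `acme`, `bind` and `domains` keys are now rejected with `{ not: {} }`, but the flat legacy ACME keys that bin/goldilocks.js migrates (`email`, `acme_directory_url`, `challenge_type`, `servernames`) remain accepted at the `tls` level, so a config still carrying them validates cleanly while the code removed from lib/modules/tls.js in this patch no longer reads them. Unless `additionalProperties: false` is set somewhere outside this hunk, listing them with the other forbidden settings — `, email: { not: {} }`, `, servernames: { not: {} }` and the other two — turns a stale or half-migrated config into a clear validation error instead of a silently ignored setting; that only works if fixRawConfig strips the keys after migrating them, which it currently does not. The first hunk also renames the acme module's `challengeType` to `challenge_type`; whichever consumer builds the ACME client options from this module (not in this diff) needs the matching rename, since the removed tls.js code passed camelCase `challengeType`.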
@@ -174,26 +174,6 @@ module.exports.create = function (deps, config, netHandler) {
 return;
 }

- var defAcmeConf;
- if (config.tls.acme) {
- defAcmeConf = config.tls.acme;
- } else {
- defAcmeConf = {
- email: config.tls.email
- , server: config.tls.acmeDirectoryUrl || le.server
- , challengeType: config.tls.challengeType || le.challengeType
- , approvedDomains: config.tls.servernames
- };
- }
-
- // Check config for domain name
- // TODO: if `approvedDomains` isn't defined check all other modules to see if they can
- // handle this domain (and what other domains it's grouped with).
- if (-1 !== (defAcmeConf.approvedDomains || []).indexOf(opts.domain)) {
- complete(defAcmeConf, defAcmeConf.approvedDomains);
- return;
- }
-
 cb(new Error('domain is not allowed'));
 }
 });